No network when connected to OpenVPN

Hello

I am trying to establish a connection between my computer running FreeBSD 12.1 and a remote OpenVPN server.

The connection process seems to work well, but once the VPN is connected I lose internet connection after a few seconds (around 30 seconds I would say). I also tried to connect to my VPN using openconnect but the same thing happens, which makes me think it is linked to the tun connection rather than OpenVPN itself.

Here is the log I get with "verb 5":
Code:
Sun May 17 09:58:21 2020 us=331740 OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May  9 2020
Sun May 17 09:58:21 2020 us=331756 library versions: OpenSSL 1.1.1d-freebsd  10 Sep 2019, LZO 2.10
Sun May 17 09:58:21 2020 us=331975 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun May 17 09:58:21 2020 us=331986 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun May 17 09:58:21 2020 us=335555 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 17 09:58:21 2020 us=335589 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 17 09:58:21 2020 us=335621 LZO compression initializing
Sun May 17 09:58:21 2020 us=335840 Control Channel MTU parms [ L:1654 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun May 17 09:58:21 2020 us=405531 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Sun May 17 09:58:21 2020 us=405613 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sun May 17 09:58:21 2020 us=405625 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sun May 17 09:58:21 2020 us=405647 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.211.67:4443
Sun May 17 09:58:21 2020 us=405686 Socket Buffers: R=[42080->42080] S=[9216->9216]
Sun May 17 09:58:21 2020 us=405699 UDP link local: (not bound)
Sun May 17 09:58:21 2020 us=405713 UDP link remote: [AF_INET]217.138.211.67:4443
WRSun May 17 09:58:21 2020 us=430174 TLS: Initial packet from [AF_INET]217.138.211.67:4443, sid=57a12282 b823ad34
WSun May 17 09:58:21 2020 us=430320 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRRWRWRSun May 17 09:58:21 2020 us=473290 VERIFY OK: depth=1, C=KY, O=FastestVPN, CN=FastestVPN Root CA
Sun May 17 09:58:21 2020 us=473992 VERIFY OK: depth=0, C=KY, O=FastestVPN, CN=*.fastestvpn.co
WRWRWWRSun May 17 09:58:25 2020 us=824397 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
Sun May 17 09:58:25 2020 us=824427 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
WSun May 17 09:58:25 2020 us=824602 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 17 09:58:25 2020 us=824631 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]217.138.211.67:4443
RSun May 17 09:58:27 2020 us=63735 SENT CONTROL [*.fastestvpn.co]: 'PUSH_REQUEST' (status=1)
WRRSun May 17 09:58:28 2020 us=126199 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,redirect-gateway def1,dhcp-option DNS 10.8.8.8,register-dns,route-gateway 10.158.16.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.158.16.4 255.255.255.0,peer-id 2,cipher AES-256-GCM'
Sun May 17 09:58:28 2020 us=126308 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.9)
Sun May 17 09:58:28 2020 us=126358 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 17 09:58:28 2020 us=126368 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun May 17 09:58:28 2020 us=126400 Socket Buffers: R=[42080->393216] S=[9216->393216]
Sun May 17 09:58:28 2020 us=126410 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 17 09:58:28 2020 us=126418 OPTIONS IMPORT: route options modified
Sun May 17 09:58:28 2020 us=126426 OPTIONS IMPORT: route-related options modified
Sun May 17 09:58:28 2020 us=126434 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 17 09:58:28 2020 us=126441 OPTIONS IMPORT: peer-id set
Sun May 17 09:58:28 2020 us=126450 OPTIONS IMPORT: adjusting link_mtu to 1657
Sun May 17 09:58:28 2020 us=126457 OPTIONS IMPORT: data channel crypto options modified
Sun May 17 09:58:28 2020 us=126466 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun May 17 09:58:28 2020 us=126488 Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
Sun May 17 09:58:28 2020 us=126651 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 17 09:58:28 2020 us=126674 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 17 09:58:28 2020 us=126850 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=ue0 HWADDR="MAC"
Sun May 17 09:58:28 2020 us=127101 TUN/TAP device /dev/tun0 opened
Sun May 17 09:58:28 2020 us=127200 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun May 17 09:58:28 2020 us=127233 /sbin/ifconfig tun0 10.158.16.4 10.158.16.1 mtu 1500 netmask 255.255.255.0 up
Sun May 17 09:58:28 2020 us=130752 /sbin/route add -net 10.158.16.0 10.158.16.1 255.255.255.0
add net 10.158.16.0: gateway 10.158.16.1
Sun May 17 09:58:28 2020 us=133038 /sbin/route add -net 217.138.211.67 192.168.0.1 255.255.255.255
add net 217.138.211.67: gateway 192.168.0.1
Sun May 17 09:58:28 2020 us=135260 /sbin/route add -net 0.0.0.0 10.158.16.1 128.0.0.0
add net 0.0.0.0: gateway 10.158.16.1
Sun May 17 09:58:28 2020 us=137415 /sbin/route add -net 128.0.0.0 10.158.16.1 128.0.0.0
add net 128.0.0.0: gateway 10.158.16.1
Sun May 17 09:58:28 2020 us=139516 Initialization Sequence Completed
WrWrWrWrWrWrWrWrWRWrWrWrWrWrWrWrWrWrWrWrWRwrWrWrWrWRwRwRwRwRwRwrWRwrWrWrWrWRwRwRwRwRwrWRwRwrWrWRwRwrWrWRwRwrWrWrWRwRwRwRwrWrWRwrWrWRwRwRwrWRwRwrWrWrWRwRwRwrWrWRwrWrWRwRwRwrWrWrWRwrWrWRwRwRwrWRwRwrWrWrWRwRwRwrWrWrWrSun May 17 09:58:39 2020 us=164337 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rSun May 17 09:58:39 2020 us=164374 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:39 2020 us=421245 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:39 2020 us=733588 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:40 2020 us=155129 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
RwrWrSun May 17 09:58:40 2020 us=447588 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:40 2020 us=666958 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:40 2020 us=667242 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
RwrWrSun May 17 09:58:40 2020 us=732647 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:40 2020 us=798611 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:40 2020 us=864561 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
RwrWrSun May 17 09:58:41 2020 us=20711 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
RwrWrSun May 17 09:58:41 2020 us=564485 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:41 2020 us=881302 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
RwrWrSun May 17 09:58:42 2020 us=620335 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443
rWrSun May 17 09:58:43 2020 us=841178 Recursive routing detected, drop tun packet to [AF_INET]217.138.211.67:4443

If I add "allow-recursive-routing" to the config file of the VPN, the error is then "rWSun May 17 10:26:20 2020 us=985898 write UDP: No buffer space available (code=55)"

I managed to save the routing table during the short period the VPN is running:

Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.158.16.1        UGS        tun0
default            192.168.0.1        UGS         ue0
10.158.16.0/24     10.158.16.1        UGS        tun0
10.158.16.1        link#4             UH         tun0
10.158.16.8        link#4             UHS         lo0
localhost          link#2             UH          lo0
128.0.0.0/1        10.158.16.1        UGS        tun0
192.168.0.0/24     link#3             U           ue0
192.168.0.13       link#3             UHS         lo0
217.138.211.67/32  192.168.0.1        UGS         ue0

Internet6:
Destination        Gateway            Flags     Netif Expire
::/96              localhost          UGRS        lo0
localhost          link#2             UH          lo0
::ffff:0.0.0.0/96  localhost          UGRS        lo0
fe80::/10          localhost          UGRS        lo0
fe80::%lo0/64      link#2             U           lo0
fe80::1%lo0        link#2             UHS         lo0
fe80::%tun0/64     link#4             U          tun0
fe80::221a:6ff:fe2 link#4             UHS         lo0
ff02::/16          localhost          UGRS        lo0

The openvpn.conf file:

Code:
client
remote bel1.jumptoserver.com 4443
proto udp
comp-lzo
persist-key
persist-tun
dev tun
auth SHA256
auth-user-pass .secrets
tls-client
mssfix 1450
resolv-retry infinite
remote-random
nobind
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
tun-mtu 1500
tun-mtu-extra 32
<ca>
CA CERTIFICATE
</ca>
key-direction 1
<tls-auth>
KEY
</tls-auth>
tls-cipher  TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:>
cipher AES-256-CBC
ping-timer-rem
 
verb 5

I also tried another VPN provider but I have the same problem...

I think it might be a problem with the routing table or a buffer set too low.

Thank you for your help.
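Added example, not part of the original post: a longest-prefix-match lookup over the IPv4 routing table posted above, showing which interface the kernel would choose for the VPN endpoint 217.138.211.67 from the log, and what changes if the /32 host route for that endpoint is absent. The function names are illustrative and the table is copied inline as sample input.

```python
import ipaddress

# Sample input: the IPv4 rows of the routing table from the post above.
ROUTES = """\
0.0.0.0/1          10.158.16.1        UGS        tun0
default            192.168.0.1        UGS         ue0
10.158.16.0/24     10.158.16.1        UGS        tun0
10.158.16.1        link#4             UH         tun0
10.158.16.8        link#4             UHS         lo0
localhost          link#2             UH          lo0
128.0.0.0/1        10.158.16.1        UGS        tun0
192.168.0.0/24     link#3             U           ue0
192.168.0.13       link#3             UHS         lo0
217.138.211.67/32  192.168.0.1        UGS         ue0
"""

def parse_routes(text):
    """Turn `netstat -rn` IPv4 rows into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, _flags, netif = fields[:4]
        if dest == "default":
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest)  # a bare address becomes a /32
        except ValueError:
            continue  # symbolic names such as "localhost" are skipped
        routes.append((net, gateway, netif))
    return routes

def lookup(routes, address):
    """Longest-prefix match: the most specific matching route wins."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        raise LookupError(f"no route to {address}")
    return max(matches, key=lambda r: r[0].prefixlen)

def egress(address, table=ROUTES):
    """Return (matched prefix, gateway, interface) for one destination."""
    net, gateway, netif = lookup(parse_routes(table), address)
    return str(net), gateway, netif

def routed_into_tunnel(address, table=ROUTES, tun="tun0"):
    """True when traffic to the VPN endpoint would itself enter the tunnel."""
    return egress(address, table)[2] == tun
```

In the saved snapshot the endpoint resolves to ue0 through its /32 host route; with that row removed, the same lookup falls through to 128.0.0.0/1 on tun0, which is the loop the "Recursive routing detected" check guards against.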